Cypher Injection Vulnerability in Apache Camel by Apache
CVE-2025-66169

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Camel Neo4j
Vendor: CVE Published:; 14 January 2026

What is CVE-2025-66169?

The Cypher Injection vulnerability affects the camel-neo4j component of Apache Camel, creating potential security risks. This issue may allow attackers to inject malicious Cypher queries into the system, potentially compromising data integrity and system functionality. To mitigate these risks, it is essential for users to upgrade to newer versions, specifically Apache Camel 4.10.8 for the 4.10.x LTS, 4.14.3 for the 4.14.x LTS, and 4.17.0.

Affected Version(s)

Apache Camel Neo4j 4.10.0 < 4.10.8

Apache Camel Neo4j 4.14.0 < 4.14.3

Apache Camel Neo4j 4.15.0 < 4.17.0

References

https://camel.apache.org/security/CVE-2025-66169.html

vendor-advisory

Timeline

Vulnerability published
Jan 14, 2026
Vulnerability Reserved
Nov 22, 2025

Credit

Ya0H4cker

JSON